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CARL ANTHONY WEGE 

Iranian Counterintelligence 


Counterintelligence disciplines are, by their nature, more obscure than the 
larger community of analytic disciplines. Only a very few professionals, such 
as Michelle Van Cleave, John Ehrman, and Cynthia Grabo, have produced 
open literature materials with a primary focus on counterintelligence. 1 
Iranian counterintelligence (Cl) activity remains almost unaddressed, leaving 
a significant gap in the open literature. 

In contrast to democratic countries, where intelligence services are 
configured to inform the decisionmaking process of political leaders, Near 
Eastern intelligence organizations often pursue different purposes. In many 
Arab countries multiple Mukhabarats are structured for the dual purpose of 
repressing popular dissent and preventing any coup d’etat. Consequently, the 
foundation of many such Mukhabarats is regime preservation rather than 
educating political decisionmakers. Iranian intelligence and counterintelligence 
organs share similarities of purpose with the Arab Mukhabarats while having 
distinctive permutations drawn from Persian sociology and the history of Iran. 

IRAN’S INTELLIGENCE ARCHITECTURE 

Iran’s modern intelligence architecture begins with Shah Mohammad Reza 
Pahlavi’s creation of SAVAK (Sazemn-I Eitela’at a Amniyat-I Kishavr) 
in 1957. In the immediate aftermath of Iran’s 1979 Revolution, the Palestine 
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Liberation Organization’s (Fatah) intelligence entity Jihaz al-Razd provided 
some intelligence support for Ayatollah Ruhollah Khomeini’s regime, 2 
followed by the creation of SAVAMA (Sazman-e Ettelaat Va Amniat Meli) 
under the auspices of General Flussein Fardust as the first iteration of a post- 
Revolutionary Iranian intelligence enterprise. SAVAMA itself quickly 
transitioned into a Ministry of Intelligence and Security (MOIS, Vezarat-e 
Ettela'at va Amniat-e Keshvar or VEVAK) in 1984/’ Ayatollah Khomeini’s 
vision of the Vilayat-e Faqih 4 animating the Revolution created new 
standards wherein every Minister of Intelligence, beginning with Mohammed 
Rayshahri, was a religious authority rather than an intelligence professional. 5 
Concurrently some of the educational institutions congruent with this vision, 
such as the Madrase-ye Haqqani theological school in Qom (1 and Imam 
Mohammed Bagher University in Tehran, 7 became associated with MOIS. 

Ali Fallahian’s appointment as Iran’s Intelligence Minister in 1989 
breathed life into a substantive Iranian intelligence organization that was 
setting up training agreements with Bonn, Moscow, and North Korea and 
installing then-modern Japanese communications equipment for use by the 
Intelligence Ministry. 5 MOIS, maturing in the 1990s, established a liaison 
relationship with the Russian Foreign Intelligence Service (Sluzhba Vneshnei 
Razvedki or SVR) which replaced the U.S. Central Intelligence Agency 
(CIA) and Israeli MOSSAD personnel who had educated the SAVAK in the 
1960s and 1970s. 7 Russian tradecraft (including counterintelligence) 
manifested in a Persian cultural milieu came to define the foundations of 
Iranian intelligence. In the mid-1990s MOIS adopted a model pioneered by 
Russia’s Yevgeni Primakov in revamping the SVR that was intended, in part, 
to restructure the Iranian service to better focus on counterespionage. 10 
MOIS personnel were trained in traditional Soviet KGB tradecraft and the 
old KGB methods of disinformation which the MOIS called Nefaq (an 
Arabic, not Farsi, word for “discord” or “hypocrisy”). That “hypocrisy” was 
made congruent with the concept of Taqiyya or Kitmdn in Tehran’s 
information operations promoting the Vilayet across the region. 11 The 
French Centre for Research on Intelligence estimated that the MOIS was 
employing roughly 15,000 persons a decade ago, with a significant percentage 
deployed overseas under both official and non-official cover. 12 The maturing 
MOIS administrative structure was, by the 1990s, conforming to that found 
in many other intelligence agencies, with multiple directorates exercising 
traditional functions. 1 ’ More recent iterations of the MOIS under Mahmoud 
Alavi have evolved less as a traditional Ministry but rather more akin to an 
executive body by-passing the President and reporting directly to the 
Supreme Leader of the Islamic Republic, Ali Hosseini Khamenei. 14 

Throughout the bitter combat of the 1980s Iran Iraq War Ayatollah 
Khomeini kept alert to the counter-revolutionary potential he saw in the 
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armed forces. Concurrent with the growth of MOIS and distrustful of the 
imperial foundations of the military Artesh, the House of the Leader (Beyt-e 
Rahbari) continually enhanced the authority of the Iranian Revolutionary 
Guard Corps (Sepah-e Pasdaran-e Enqelab-e Eslami, Sepah, Pasdaran, or 
IRGC) as a counterweight to the Artesh. To suppress counter¬ 
revolutionaries, the representative of the Supreme Leader in the Armed 
Forces instituted what amounted to a “commissar system” of clerics at every 
level of the armed forces, the IRGC, Basiji, and the Defense Ministry with 
the task of identifying personnel whose propensities might tarnish what 
supporters of Iran’s Revolution would consider as the quintessential pearl of 
the Vilayat-e Faqih. 

Any Weberian understanding of Iran’s formal organizational structures is 
only partially descriptive and of limited utility when describing its larger 
intelligence apparatus. 1 ^ Lines of authority do not necessarily always run 
vertically though organizations but can extend laterally between them. 1 
Likewise, while Iranians are reasonably good at collecting intelligence they 
are lacking in analyzing that which was gathered at the national level. The 
products of intelligence analysis are relayed to political leaders through a 
Shi’a Islamist veneer designed to placate the scholar-jurists by giving undo 
weight to convoluted conspiracies often involving Jews and the Baha’i rather 
than in realistic assessments and key judgments that might doom an objective 
analyst to the potential charge of “Occidentosis” (Gharbzadegi or Western 
intoxication). 17 

THE TOP OF THE STRUCTURE 

The apex of Iran’s official national security establishment, the Supreme 
National Security Council (SNSC), is intended to aggregate policymakers 
and the heads of the security apparatus and the armed forces into a coherent 
governing body. Yet, the SNSC’s organization serves less as a rational 
structure reflecting formal administration in a Weberian sense, able to be 
informed by and act on actionable intelligence, but rather as an arena for 
political contests and negotiations. It is a constellation of factions and 
crisscrossing reporting lines with authority anchored in patron-client 
relationships and Dowreh lh groups spanning multiple Shi’a power centers, 
Bonyads, and financially self-sufficient religious organizations. The SNSC at 
this juncture does not appear to have any secondary bodies equivalent to the 
U.S. National Counterintelligence Executive, 19 and the concept of Strategic 
Counterintelligence such as advocated for the United States by Michelle Van 
Cleave seems less developed within Iran’s counterintelligence system. Iranian 
counterintelligence appears fractured across multiple organizations and 
uncoordinated at a national level, and defined by an ad hoc and case-driven 
approach. 2 " Having a Van Cleave-like ‘strategic counterintelligence’ vision 
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might suggest to Tehran the impact of corruption across Iran’s Cl ecosystem, 
which would result in a more strategically coherent approach, but Iran still 
apes the traditional ad hoc case system which is to Tehran’s disadvantage. 

But, operationally, the case-driven Iranian approach to counterintelligence 
can remain functional. For example, several years ago, a CIA operation that 
was apparently making a shotgun effort to recruit a wide variety of Iranian 
nationals, who might someday have access to information targeted for 
intelligence collection and who had left the country for business in Malaysia, 
was compromised using such a case-driven approach. One of the students 
pitched by the CIA apparently reported the recruitment attempt to Iranian 
authorities in Iran. Thereafter, MOIS was able to identify both some two 
dozen students and other nationals who failed to report the Agency’s 
recruitment efforts and a significant number of CIA operations officers. 21 If, 
in fact, MOIS rolled up this nascent network as publicly described, its 
case-driven approach to counterintelligence seems able to identify and 
respond to foreign recruitment efforts, and capable of separating indicators 
of a genuine recruitment attempt from false recruiting reports based on 
corrupt reporting, misunderstanding, or personal delusions. 

THE PASDARAN 

In the last couple of decades, the Pasdaran has emerged as a Praetorian 
Guard and now constitutes the political and security backbone of the Islamic 
Republic. As the Guard continued to consolidate power it was given 
responsibility for Iran’s nuclear programs, 22 and as Iran approached the 
status of a nuclear threshold state its programs were targeted for extensive 
covert operations by adversary services. 2 ’ In 2005, the Oghab 2 (Eagle 2) 
organization, initially headed by Ahmad Wahidi, 24 was announced under 
IRGC auspices as a distinct body tasked with the protection of Iran’s nuclear 
assets, including the guarding of senior scientists and engineers, industrial 
equipment across the nuclear program, and the information infrastructure 
supporting it. 25 The Oghab 2 employee component apparently doubled 
during 2008 following a number of successful assassinations that disrupted 
Tehran’s nuclear program along with major sabotage incidents at 
Khavarshahar and Kavir Lut. 26 In 2009 President Mahmoud Ahmadinejad 
tasked General Abdulreza Chahili with yet again restructuring and 
reorganizing Oghab-2, a task which General Chahili turned over to a former 
member of Iran’s Supreme National Security Council, General Ali Hosain 
Tach. 27 The organization now includes a discrete psychological warfare and 
disinformation department to obscure elements of the nuclear program. 
Formally under the Guard, with several thousand employees, it apparently 
reports laterally to the MOIS Counterintelligence Directorate. 28 
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Following the near domestic uprising over Iran’s fraudulent elections in 
2009 the Khamenei government reorganized many security agencies, 
including several associated with the IRGC. Khamenei decreed creation of a 
new entity, called the Intelligence Organization of the Islamic Revolutionary 
Guard Corps (Sazeman-e Hefazat va Ettelaat or SHE) which reorganized the 
existing cadre of officers and managers in order to populate the new 
organization. The IRGC Intelligence Organization, headquartered at Qasr-e 
Firouzeh in Kamali near Tehran, is now headed by Hojatoleslam Hossein 
Taeb, with Gholamhossein Ramazani serving as his counterintelligence 
chief. 29 Taeb’s IRGC Intelligence Organization also commands the Internal 
Security Directorate at MOIS and the security apparatus of the Basiji. Taeb’s 
role again illustrates a matrix of reporting lines crossing agency jurisdictions 
thereby obscuring the functional relationships between Iranian 
intelligence bodies. 

Both the MOIS and the IRGC operate a network of prison and detention 
facilities, or portions thereof, both formal and informal, serving their own 
intelligence and counterintelligence interests and missions. For example, in 
the well-known Evin Prison near Tehran the IRGC controls Ward 2A and 
Section 325 30 along with the Tawhid Detention Center. Evin’s Ward 209 
serves as the main MOIS detention center, where persons are held while 
initial investigations of intelligence relevance are completed.’ 1 Prison 59 
(Eshratabad), also in Tehran, is specifically used by the IRGC Intelligence 
Organization. Additionally, semi-secret prisons run by Artesh Intelligence are 
Detention Center 36 (Jamshidyyih and Hishmatiyyih), and the Ministry of 
Defense Intelligence Protection Organization maintains its own prison, called 
Jay. 32 These are separate from the traditional prisons operated by the 
Judiciary, such as Tehran’s Kahrizak Detention Center, which was also used 
for political prisoners and ultimately was ordered closed. Iran’s State Prisons 
Organization, now headed by Asgar Jahangir, a former Chief of the 
Judiciary’s Counterintelligence Organization, 33 has no legal jurisdiction over 
the MOIS and IRGC-controlled elements of the detention system. 

The Iranian government was described here earlier as a constellation of 
factions, competing power centers, patron-client relationships, and multiple 
Dowreh groups. This also describes the functioning of the formal 
organizational structures of the MOIS and IRGC which precipitates conflicts 
difficult to regularize through formal organizational channels. The House of 
the Leader, a significant traditional center of power in Iran, acts as an 
administrative office answering directly to the Supreme Leader (Rahbar). 
Ayatollah Khamenei has expanded this body and tried to utilize it to 
institutionalize conflict management between the MOIS and IRGC through 
an administrative device called Department 101, which acts as a special 
intelligence entity under Asghar Mir Hejazi. He also commands a special unit 
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of the Revolutionary Guard, the Sepah-e Vali Anr, which protects the 
Supreme Leader, arbitrates conflict, clarifies responsibilities, and coordinates 
some intelligence activities between MOIS and the IRGC. 34 

IRANIAN COUNTERINTELLIGENCE 

Counterintelligence nomenclature, whether applied in an Iranian context or 
elsewhere, is somewhat malleable, and the semantics of its usage change in 
time and across cultures. Terms and phrases like defensive and offensive 
counterintelligence, strategic counterintelligence, and distinctions between 
security and counterintelligence, can be soft distinctions. Best practice would 
acknowledge that intelligence and counterintelligence disciplines have 
definitive nomenclatures, but that semantic squabbles are cross-culturally 
problematic anyway so they should not dissuade a conceptual discussion of 
Iranian Cl. 35 A basic theoretical definition of counterintelligence suggests that 
“Counterintelligence refers to information gathered, and activities conducted 
to protect against espionage (and) other intelligence activities. ... ” 36 
Counterintelligence can be viewed as an analytic discipline (it is also 
considered an operational discipline and reasonable people can here agree to 
disagree) that has as its foundational objective the countering of the activities 
of foreign intelligence services. That objective can be achieved through various 
methods including deception, penetration of hostile services, ferreting out 
threats within one’s own services, and looking for broader efforts to subvert 
civil society. 37 Organizationally, Cl can be a component of the positive overall 
collection effort. It can also be segmented into a stand-alone organization, or 
blended into the larger intelligence architecture using both approaches. In 
general, the open literature on counterintelligence nomenclature often 
conflates relevant terms thereby creating unintended obfuscation. This can 
be a function of viewpoint, as a single event that might be considered positive 
human intelligence collection may also be considered an offensive 
counterintelligence operation from a different perspective. 

Like all governments, Iran has its unique ways of incorporating the 
counterintelligence function into the screening of candidates for its security 
services. In Khamenei’s government counterintelligence vetting begins as 
soon as candidates are recruited into the Iranian services. Selecting applicants 
for the Ministry of Intelligence and Security, the Revolutionary Guard, and 
the Basiji requires counterintelligence approaches specifically related to the 
structural and functional differences among the organizations. The most 
robust selection process, from a counterintelligence standpoint, is that of the 
MOIS. It begins with the recruitment of individuals having specific subject 
majors, with testing in Hamedan in western Iran, followed by nine- to 
twenty-four-month investigations, then by further specialized intelligence 
training at Tehran’s Imam Bagher University, and an initial assignment to 
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relevant provincial intelligence offices. '' By contrast, admission to the 
Revolutionary Guard is as simple as the enlistment option to fulfill one’s 
military service obligations. That said, advancement in Guard ranks engages 
a more and more stringent counterintelligence examination of the religious 
and political views of candidates and their family members. 39 Entrance 
requirements for the Basiji are the least stringent, with entry into Basiji 
Student Organizations requiring little more than a photo ID, although 
constant monitoring by the Basiji at least creates an observable timeline for 
counterintelligence investigators from that point forward. 

Iran’s human and cultural terrain necessarily impacts its approach to this 
counterintelligence enterprise. Paraphrasing a literary idiom from Iran’s 
ancient Master Narrative illustrates the cultural norms of this terrain: “In 
Iran there are counterintelligence organs; on the other hand there are no 
counterintelligence organs.” The idiom is used in a narrative sense to convey 
the Persian cultural idea that there is really nothing other than Allah. Used 
here, it emphasizes the Iranian view that counterintelligence, like all things, 
must ultimately be in the hands of Allah. Structurally, Iranian Cl is not 
limited to discrete organizations that can be administratively described in a 
Weberian sense, but is rather a mixture of stand-alone organizations and 
counterintelligence functions diffused across Iran’s security matrix. That 
security matrix is wide and deep, but it is also amorphous, with varying 
densities in distinct organizations. 

MILITARY COUNTERINTELLIGENCE 

The military intelligence organ charged with Army counterintelligence, the 
Intelligence Protection Organization of the Islamic Republic of Iran 
(SAHEFAJA), utilizes an independent chain of command to report to the 
Supreme Leader. While the Commander-in-Chiefs General Office of 
Counterintelligence (Daftar-e Omoumi-ye Hefazat va Ettelaat-e Farmandehi-e 
Kol-e Qova) formally sits at the apex of a Cl system that includes the Ministry 
of Defense Counterintelligence Organization, the IRGC Counterintelligence 
Organization under Brigadier General Mohammed Kazemi 40 and the Law 
Enforcement Forces Counterintelligence Organization 41 are in many ways 
more significant to Iran’s internal security. 42 

Tehran’s Cl system is operationally broad, and attempting to assess the 
external dimensions of offensive Iranian counterintelligence operations would 
be an attempt to describe too much with too little. A more productive 
purpose then is a description of internal security Cl within the Islamic 
Republic itself. Like that of most aspirational powers, Iran’s 
counterintelligence architecture has successfully contained and eliminated 
multiple threats to the regime. But whether Iran’s successes were the result of 
Iranian prescience, sloppy tradecraft on the part of Tehran’s adversaries, 
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luck, or some combination thereof probably does not much matter. A 
congruence between the public domain narrative that explains successful 
Iranian counterintelligence measures and an objective assessment of the basis 
for such success is problematic because the “chain of acquisition” in 
gathering information to judge those events is not directly observable. Since 
the public domain explanation is at least plausible, and perhaps in a few 
instances accurate, it may help illuminate the edges of Iranian 
counterintelligence accomplishments and how they materialized. 

DEFECTORS AND COUNTERINTELLIGENCE 

Defectors, and the art of understanding defectors in an Iranian context or 
any other, represent a special kind of counterintelligence challenge. While 
managing defectors is always problematic, the gathering of human 
intelligence (HUMINT) in denied areas is a complex endeavor and defectors 
offer the potential of real collection shortcuts. 41 The assessment of defectors, 
however, requires both unique and discrete counterintelligence analysis, and 
is still practiced as both art and science. Defectors in place (sometimes called 
agents in place) are of greater value to an adversary service, while an 
immediate defection and exfiltration is of lesser value as the information 
package the defector can betray to adversary services is thereby limited to 
past intentions, knowledge, operations, and practices 44 

Typical of a “Second World” power under intense pressure from “First 
World” adversaries, Iran has suffered some painful defections, among them 
that of VEVAK co-founder Abu al-Kassam Misbahi who defected to the 
German BND (Bundesnachrichtendienst) in 1996. Likewise, the defection of 
former Deputy Defense Minister and Pasdaran Chief Ali Reza Ashgari, with 
his intimate knowledge of the foundation of Hezbollah, was disastrous. 
Ashgari had apparently served as an agent in place since 2003, 45 and his 
exfiltration from Istanbul, Turkey, in 2007 indicates careful planning and 
therefore implies adequate planning time. High level defections like this are 
effectively unthinkable in mature First World nations like Britain, Japan, and 
the United States, but they can happen in Second and Third World countries, 
and the possibility of such high-level defections must therefore be considered 
part of the Cl ecosystem in countries like Iran. 

Tehran has been reasonably effective in precluding the defection of 
diplomatic personnel in its foreign service, in part due to a potential for 
reprisal against family members remaining in Iran. In addition to such 
standard police state methods as informant networks, the newer social media 
surveillance methods look for evidence of disloyalty within the diplomatic 
corps. For example, the Pasdaran, after the 2015 nuclear agreement with the 
United States that remains controversial among Iranian hardliners, organized 
multiple “spear phishing” attacks against Iranian diplomats to both monitor 
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them and compromise their foreign service peer networks to the Guard. 4 * 1 
From the time the Khomeini government consolidated power almost two 
generations ago, until the period following the fraudulent 2009 elections, Iran 
has experienced the defection of only some twenty diplomats to various 
countries 47 But preventing defection is only part of the counterintelligence 
challenge. Iran’s ability to protect its diplomatic and other codes against 
penetration by First World adversary services is fundamentally limited by 
Iran’s status as a second level economic and technological power. 48 It simply 
does not have sufficient capacity to deploy the technological and human 
capital required to protect its communications systems across the board from 
its major international adversaries. 49 That said, Iran is able to protect some 
communications, thereby allowing many of its high priority foreign 
diplomatic operations some possibility of security. 

Concurrently, Iran has also demonstrated the skills necessary to 
successfully target international organizations to further its political purposes. 
In its counterintelligence ecosystem, non-Iranian Shi’a designated by Iran’s 
service can be targeted, using such Iran-based non-governmental 
organizations engaged in public diplomacy as lAbl-ul-Bayt World Assembly, 
for counterintelligence operations. Abl-ul-Bayt, which refers to the Household 
of the Prophet, was established as an organization headquartered in Tehran 
in 1990 as a global influence network promoting outreach to non-Iranian 
Shi’a and those who might be sympathizers to the Iranian Revolution. Its 
most recent conference in Tehran in 2015 drew roughly 1800 non-Iranian 
Shi’a from 130 countries. 81 ’ The MOIS had not only the challenge of 
monitoring possible foreign intelligence officers and adversary service 
penetration operations among the attendees 81 but the opportunity for 
cultivating attendees for ongoing intelligence-related development. 

Despite Tehran’s wish that Iran be a denied area for adversary intelligence 
services, Iranian nationals, Iranian expatriates, and foreigners transverse the 
country’s frontiers with some regularity. Its eighty-seven official border 
points complicate Iran’s counterintelligence problems. 82 After the official 
points of entry the task of observing the intelligence affiliations of overt 
foreign entities that operate lawfully in Iran, ranging from foreign 
corporations to embassies, presents a strong challenge to Tehran’s multiple 
security organizations. All-source analysis on those foreign entities and their 
acknowledged personnel, and incorporating their social media presence, 
creates a profile allowing for Iran to identify anomalies that may have 
intelligence relevance. That said, Iran like any power must prioritize its 
counterintelligence targets in a way congruent with both its resources and 
political objectives. Counterintelligence methods once used at Tehran’s Imam 
Khomeini International Airport demonstrate the impact of limited resources. 
That airport’s security system, in addition to traditional human spotters, 53 
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utilized watch lists generated by both the IRGC and MOIS. When listed 
Iranian nationals and foreigners entered the country their movements and 
contacts could be mapped, and they could be arrested prior to departure, 
depending on the intent of the Iranian security organs.'’ 4 Complicating that 
counterintelligence task is the reality that MOIS or the IRGC must be aware 
that individuals are of intelligence interest before their names can show up on 
an intelligence watch list. Iran’s frontiers are volatile, and although invasion 
is difficult the counterintelligence environment becomes challenging, from the 
mountains populated by resisting and restless ethnic groups to the vast 
Dasht-e Lut deserts extending into Baluchistan, 55 making its porous borders 
inviting targets for foreign special operations. Given the impracticality of 
trying to seal the border from operations professionals the government’s 
focus is on securing the population. Consequently, the focus of 
counterintelligence efforts is the population of the Mashhad region in the 
northeast 56 and the major population belt which runs from Tehran in the 
foothills of the El Burz range down toward the Zargos range and from there 
in the direction of the Strait of Hormuz. 

Domestically, MOIS is the dominant security service, with specific 
responsibility to monitor Iran’s ethnic minorities on the periphery of the 
country including the Baluch, Kurd, and Arab communities, along with the 
many refugees from Afghanistan’s endless wars. 58 Externally, MOIS is tasked 
to neutralize Iranian expatriate dissident organizations.^ 9 Concurrently, Iran 
shares a few problems with some of its adversary services, including domestic 
terrorism by ISIL (ISIS) on Iranian territory and infiltration into the country 
by such hostile non-state groups as al-Qaeda which has already penetrated 
the security services of some Sunni states. 60 

The basis for MOIS’s internal security efforts, as with the independent 
efforts of its sister agencies, is an extensive informant system whose 
participants are expected to look for signs of dissent. 61 In addition, an 
extensive network of Daftar-e Herasat (Security Offices) across the country 
utilizes personnel reporting to MOIS across all public organizations, as well 
as governmental and educational agencies. 62 At a practical level, Herasat 
personnel impact hiring and firing decisions, monitor communications of 
those within the scope of their responsibilities, and act as informants against 
persons suspected of disloyalty. 63 

Working alongside the MOIS, the Basiji Mostazafan, now the largest militia 
in the world, conducts domestic counterintelligence using methods analogous 
to the old Communist Party system in Marxist-Leninist states. 64 The Basijis, 
sometimes dismissed because of their roughhewn unsophisticated origins, have 
become a major source of recruitment for both the Revolutionary Guard and 
the Security Police (PAVA). The Basiji have been described as ubiquitous 
throughout Iran by Saeid Golkar, with a massive network that serves as an 
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auxiliary that supports Iran’s overall counterintelligence requirements. They 
also engage in ongoing indoctrination regarding the Velayat-e Faqih and 
violently suppress any open dissent against the regime. While organized across 
the Iranian state, the Basiji are generally associated with the rural and 
conservative communities that harbor resentment against urban elites and 
their perceived lack of piety. This widespread association was partially created 
by the Basiji organization’s character, which is anchored in localism, and the 
family needs of the large numbers of volunteer teenagers and old men often 
utilized by the Basiji on a seasonal basis to accommodate the needs of 
agricultural labor. 65 The larger Basiji organization is built around resistance 
regions (Nahieh-e Basij), reporting to the IRGC provincial command (Sepah-e 
Ostani). These regions are divided into zones (Hozehale moghavamet-e Basij), 
which direct several resistance bases containing a variety of groups 
responsible for security and indoctrination. 66 Organizations relevant to the 
counterintelligence effort within these bases include the Nasehin groups, which, 
under the Council of Morality Policing in each base, enforce Islamic morality 
neighborhood by neighborhood. The Nasehin group includes an intelligence 
element (Shanasaei) which gathers information in support of passive 
surveillance. It includes members involved in intelligence collection (Mokhber 
Basij) through patrols that gather information about local developments and 
track down any relevant rumors. 67 In a way, the Basiji function as a malignant 
analog to the community policing ideal, but in this instance are intent on 
ferreting out any whisper of dissent. 

CYBER’S CHALLENGE TO COUNTERINTELLIGENCE 

The new dimension of cyber creates a most challenging arena for 
counterintelligence contests. Even in Western countries the 
counterintelligence space defined by the cyber domain is still often treated in 
the open literature and other narratives as an appendage rather than an 
integral element of analytical and operational intelligence disciplines. Perhaps 
that is due to an as yet incomplete integration of information technologies 
(ITs) into the counterintelligence practitioner’s role. To date, cyber remains 
as a functionally discrete element of Iranian counterintelligence practice, most 
likely because Iran remains an economic and technological follower, rather 
than a leader, of the world’s information technologies. Even those few 
discrete instances of world class Iranian cyber skills 66 do not remedy the 
larger problem of Tehran’s having a second-rate information infrastructure. 

The disastrous impact of the Stuxnet virus first awakened Iran to its cyber 
vulnerabilities and led to a response across its security sector. In 2010 Iran 
formally acknowledged its government-wide entrance into the field through the 
creation of cyber borders and the establishment of counterintelligence controls 
beginning with a Cyber Defense Command (Gharargah-e Defa-e Saiberi) 
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under the Artesh Passive Defense Organization that was tasked with defending 
the nation’s information infrastructure. In 2012, a Supreme Council of 
Cyberspace (Shora-ye Ali-ye Fazo-ye Majazl) was decreed by Khamenei. Now 
directed by Mohammad Hassan Entezar, it coordinates government-wide 
efforts to establish and secure Iran’s cyber domain, 69 with most activity focused 
on the suppression of any potential challenge to the Vilayat-e. 10 To secure its 
cyber borders, Tehran attempts to route all Internet communications through a 
Telecommunications Infrastructure Company 71 choke point, and secondarily, 
utilizing a variety of commercial systems that allow Iran to monitor normal 
internal communications between Iranians and the outside world. 72 Carnegie 
Endowment materials discussing Iran’s cyber targeting of internal threats note 
that the techniques applied are well known, ranging from mapping Telegram 
accounts with Iranian phone numbers to targeting individuals with potentially 
dissident organizations with “spear phishing” campaigns. Likewise, to preclude 
any religious challenge to the regime’s legitimacy, the Tehran regime, through 
the IRGC, targets and compromises the electronic communication and peer 
networks used by the authoritative Center for Services of Islamic Seminaries 
and the Islamic Propagation Office in Qom. To manage the larger 
population, Iran has attempted to create some soft digital borders utilizing a 
National Information Network, or “Halal Internet,” using greater connection 
speeds and steep price discounts that serve as tools of persuasion to encourage 
popular usage while concomitantly easing the challenge of monitoring digital 
activity within the country. 74 

Being able to effectively monitor social media to identify dissent is different 
from using information technologies to further intelligence analytics and 
operations on a national scale. The regime’s clerical masters harbored 
growing suspicions about the religious reliability of those with the greatest 
technical skills, and sought to combat any opposition. One solution that 
worked, from a counterintelligence standpoint, was the creation of a 
compartmented system of tiered cyber operators executing assigned tasks 
furthering the Vilayat in cyber domains. This has created a somewhat 
amorphous system parallel to the dedicated government entities. These cyber 
operators, who often populate Iranian Security Forums, are contracted by 
the IRGC to code particular tasks, thereby taking advantage of their 
technical skills without risking penetration of government services through 
the hiring of politically or religiously unreliable personnel. The Revolutionary 
Guard can then administratively combine the products created by the 
contracted coders and those written in separate compartments to implement 
counterintelligence priorities. 76 

Formally, the Ministry of Interior administers a State Security Council 
(Shura-ye Aminiyat-e Keshvar) that coordinates the Ministry of Intelligence 
and the IRGC to manage Iran’s internal security. But, in practical terms, the 
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Ministry of Interior under Mostafa Mohammad-Najjar plays a somewhat 
ancillary role in Tehran’s security architecture, controlling ordinary crime as 
well as suppressing political dissent. The Interior Ministry includes Iran’s 
Law Enforcement Forces (Niruha-ye Entezami-ye Jomhuri-ye Islami or 
NAJA) created in 1991 to incorporate urban police, the rural gendarmerie, 
and various revolutionary committees. 76 The NAJA, now under General 
Hosein Ashtari, are structurally rational in a Weberian sense, with a national 
leadership and a command headquarters in each province controlling local 
police stations. Typically, the stations incorporate at least one deputy for 
intelligence. The police recruit heavily from the Basiji, and roughly half the 
country’s police force of approximately 100,000 consists of conscripts 
fulfilling their military service. NAJA’s Intelligence and Public Security Police 
(PAVA) branch focuses on internal intelligence gathering in neighborhoods 
through networks of local informers (Mokhber Mahali ). 77 In 2011, some 
cyber police organizations like FATA, under Brigadier General Kamal 
Hadianfar, began a more methodical surveilling of social media in order to 
target Internet crime and using the results as a basic roadmap to identify and 
suppress social and political dissent. 76 The fine granularity surveilling of 
social media platforms at this level is facilitated by the Police Electronic 
Services Office (Daftar-e Khademat-e Elekronik-e Entezami), sometimes 
called Police Plus Ten, which acts as an umbrella organization utilizing about 
forty thousand employees from private surveillance companies securing 
nearly five thousand neighborhoods. 76 Tehran’s multiple security organs thus 
make it difficult to imagine any Iranian spaces devoid of regime informers. 

Aside from dissent, internal corruption is probably the most significant 
underlying counterintelligence challenge facing Iran. 60 The pervasive 
corruption that replaced the long vanished elan of the Revolution now 
genuinely endangers the entire system of governance, including security 
forces, as institutional loyalty is being superseded by the desire for personal 
gain. 61 Corrupted individuals who knowingly violate Iranian law for personal 
economic gain are subject to witting or unwitting exploitation by foreign 
adversary intelligence services that seek entree to Iran. The most common 
vector of corruption in Iran’s NAJA is the illicit opium trade, since the bulk 
of Afghan opium production transits Iran at point or another. 62 Iran also 
hosts a variety of internal “mafias,” particularly in sugar imports, hard 
currency, football clubs, and automobiles, often employing aghazadeh 
(children of important people) as corrupt facilitators. 6 ’ Corruption and 
organized crime erode the integrity of any government but are particularly 
corrosive when undermining a Revolution that proclaims Islamic piety and 
claims to purify the hearts of men in the name of Allah. 

Counterintelligence is a discipline with long horizons. The emerging 
horizon is digital, infused with artificial intelligence, and characterized by a 
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vanishing border between virtual and other realities. This is a challenge that 
Iran’s Revolutionary government based on Ayatollahs is simply not capable 
of meeting. The existential counterintelligence threat facing the Partisans of 
Ali is a technological globalism that all of their piety cannot overcome. 
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